Leland K. Neely states:
> To me, it is not so much that you can or can not guarantee the source, but rather
> that there are other resources besides printers that can be accessed. There is a
> growing number of remote management inits for macs that can be used to take
> control of a remote machine. The concept of proxy services is harder to
> do with appletalk.
>
> Lets invent an ugly example:
> I have joe user who makes his disk available r/w to any guest user.
> (so he can share files easily)
> I mount his disk from my hostle location, and install a copy of Timbuktu
> (or whatever) and make sure that there is a copy of an IP program there.
> (IE Telnet, macX, ...)
> I wait for a reboot to load my init.
>
> Now - I grab ahold of the mac and fire up the ip client which works and displays
> on my machine. I then start hacking on remote IP based machines and the like.
>
> Even easier--
> Hell, I could corrupt some init (such as one for viruses) that talks to tcpip
> and then reports to a file that I could pick up every once in a while.
> Then I replace it with some other that does something to causse a remote session
> back to me from my "real" target.
>
If I could ensure that the guest user was disabled on all machines (this
may not be feasible as I guess any staff/student could reenable it
without me knowing, buts lets assume...) then would the same problems apply?
Would I just be making it slightly harder for the cracker?
If I could filter on appletalk network numbers and could trust the remote
network would that be safe? ie could net numbers be faked?
>
> OK - equal time-- you can make this better-
>
> A way (no claims of performance or prettiness) to be somewhat secure--
> you create an appletalk DMZ. This has a machine that has print queues for
> the remote printers on either side, (maint. required) and it would also use
> some sort of relay for file service mounts. (IE mount with TOPS, exported with
> appleshare or something)
>
> IF you have other services that need to talk, then you have to put them here too
> (or a relay) You have to look at this like a firewall. You don't allow DIRECT
> access to your secure net. Instead, you provide external access to that which
> you wish to share, and the rest is safe. As always, the bastian hosts need to
> be watched. I am also not sure I like the redistribution of volumes as this
> means that there is no prior review proceedure to prevent dangerous or sensitive
> files from being moved.
>
> Please be carefull. I don't want to see you get burned.
> Good luck!
> Lee
Whatever I do, I think the chances of getting burned are very small given
that the network is limited to the state and I will limit it further
somehow. I just want to make sure I do everything possible to ensure
that the chances are as minute as possible as even a slight singe could
be politically disasterous for us.
thanks
johng
--
John Gibbins The Western Australian Research Institute
The University of Western Australia for Child Health Ltd ,-_|\
email: johng @
chi .
uwa .
edu .
au GPO Box D184 / \
Phone: +61-9-3408547 PERTH W.A. 6001 *_,-._/
Fax: +61-9-3883414 AUSTRALIA v
"Nothing is foolproof as fools are so ingenious"